Plan A (codename: "current") proposes (a summary of most important, in my opinion, points):
- full suspending development in the old SVN repository, making it readonly to devs (and most probably physical deleting when auditing is done)
- creating audited repository, and moving/auditing/rewriting stuff from old repository. Starting from the biggest possible clean revision of the module (e.g. for kernel it would be ntoskrnl rev. around 9000)
- removing all previous reactos releases, source code for release from any downloads servers forever, as if they didn't exist
- estimated time before new release - months-years
- legality / court-proof: perfect

Plan B (codename: "proposed") proposes (a summary of most important, in my opinion, points):
- resuming access to old repository, including readonly anonymous access and developers commit access
- continue development in old repository: all new commits must not be derivative of copyright work (I'm repeating here, but that's important) - thus no dirty reverse engineering
- parallel auditing of trunk, rewriting tainted,suspicious parts of it.
- perform releases (0.3, 0.3.x, 0.4), while getting every release cleaner and cleaner (announcing some release, e.g. 0.4 as being fully clean)
- possibly encourage creating a branch for developers who wants to perform full audit of the kernel starting from earlier, not-tainted revisions.

I will let you to decide which plan is more fun, more legal, and which plan almost certainly guarantees death to the project.